
@spacelatte
Last active August 27, 2018 21:39
single script blog/messaging
<?php
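// Table names used by every query in this script.
const usertab = "users";
const posttab = "posts";
// SQLite3::__construct() throws on failure instead of returning a falsy
// value, so the failure has to be caught for the "error db" exit to be reachable.
// NOTE(review): "./blog.db" is resolved against the working directory; if that
// directory is served by the web server, the file (user names, password hashes,
// live session ids) may be downloadable - confirm it is stored outside the
// document root or blocked by server configuration.
try {
    $db = new SQLite3("./blog.db",SQLITE3_OPEN_READWRITE|SQLITE3_OPEN_CREATE);
} catch(Exception $e) {
    die("error db");
}
// Buffer all output so that header() calls further down still work.
ob_start();
// Session hardening, applied before the session starts:
//  - strict mode: ids that PHP did not issue itself are not adopted,
//  - cookies only: the id is never accepted from the URL,
//  - httponly: the session cookie is not readable from page scripts.
ini_set("session.use_strict_mode","1");
ini_set("session.use_only_cookies","1");
ini_set("session.cookie_httponly","1");
session_start();
// The session id is the value stored in users.sess to mark a logged-in user.
$sid = session_id();
header("x-author: mert akengin, put your custom header(s) here");
// Plain text is the default so that early error messages are not rendered as
// HTML; the page switches to text/html just before the template is emitted.
header("content-type: text/plain");
// users: one row per account; sess holds the session id while logged in.
$db->exec("create table if not exists ".usertab." ("
    ."id integer primary key,"
    ."name text not null unique,"
    ."pass text not null,"
    ."sess text"
    .");") or die("error while creating users' table\n");
// posts: author is a users.id, time is a unix timestamp.
$db->exec("create table if not exists ".posttab." ("
    ."id integer primary key,"
    ."content text not null,"
    ."author integer not null,"
    ."time integer not null"
    .");") or die("error while creating posts' table\n");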
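/**
 * In-memory copy of one row of the users table.
 *
 * The properties are public because sql_array_to_obj() fills them directly
 * from a result row (id, name, pass, sess).
 */
class User {
    // const dummy;
    public $id;
    public $name;
    public $pass;
    public $sess;

    /**
     * Accepts either no arguments (empty user) or (name, password).
     * With a password the digest is computed through setPass().
     */
    function __construct() {
        $this->id = null;
        $this->name = null;
        $this->pass = null;
        $this->sess = null;
        if(func_num_args() >= 1)
            $this->name = func_get_arg(0);
        // setPass() is a method; the name has to be set first because the
        // digest is derived from it.
        if(func_num_args() >= 2)
            $this->setPass(func_get_arg(1));
    }

    /**
     * Returns true only when $session equals the stored session id.
     * A user without a stored session never matches, not even an empty string.
     */
    function checkSession($session) {
        if(!is_string($session) || !is_string($this->sess) || $this->sess === "")
            return false;
        // hash_equals() compares in constant time.
        return hash_equals($this->sess,$session);
    }

    /**
     * Returns true only when $pass equals the stored digest.
     * NOTE(review): the comparison is against the stored value as-is, so the
     * caller presumably passes a digest built like setPass() does - confirm.
     */
    function checkPass($pass) {
        if(!is_string($pass) || !is_string($this->pass) || $this->pass === "")
            return false;
        return hash_equals($this->pass,$pass);
    }

    /** Stores the session id that marks this user as logged in. */
    function setSession($session) {
        $this->sess = $session;
    }

    /**
     * Stores the digest of "name:password".
     * NOTE(review): MD5 is far too fast for password storage. The format is
     * kept because it is the one the rest of this script writes to the pass
     * column; password_hash()/password_verify() are the replacement.
     */
    function setPass($pass) {
        $this->pass = md5($this->name.":".$pass);
    }
}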
/**
 * Common exit path of the script: closes the global database handle,
 * sends the buffered output and terminates with status 0.
 */
function _finish() {
    $GLOBALS["db"]->close();
    ob_end_flush();
    exit(0);
}
/**
 * Copies every key of a result row onto $obj as a property of the same name.
 * An empty or false row leaves $obj untouched. Every key is copied, so the
 * row must come from a query, never from request data.
 */
function sql_array_to_obj(&$obj,$arr) {
    if($arr) {
        foreach($arr as $column => $value) {
            $obj->$column = $value;
        }
    }
}
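// Reads one POST field as a string; a missing or array-valued field becomes "".
$post_field = function($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : "";
};
$usr = new User();
// NOTE(review): the first run creates the account admin/admin. Until that
// password is changed anyone can log in as admin, and the "passwd" action
// below is not implemented, so it cannot be changed through this script.
// Seed the account with a deployment-specific secret instead.
if(!$db->querySingle("select id from ".usertab." where name = 'admin';"))
    $db->exec("insert into ".usertab." values(null,'admin','".md5("admin:admin")."',null);");
// Load the account bound to the current session id, if any.
$stmt = $db->prepare("select * from ".usertab." where sess = :sess;");
if($stmt) {
    $stmt->bindValue(":sess",$sid,SQLITE3_TEXT);
    $res = $stmt->execute();
    if($res)
        sql_array_to_obj($usr,$res->fetchArray(SQLITE3_ASSOC));
    $stmt->close();
}
// NOTE(review): none of the actions below checks a per-session token and
// logout is reachable with a plain GET link, so another site can trigger them
// in a logged-in browser (CSRF). Fixing that needs a token emitted by the
// forms in the template and verified here.
if(isset($_GET["action"])) {
    switch($_GET["action"]) {
        case "login":
            $name = $post_field("usr");
            $pwd = $post_field("pwd");
            $row = false;
            $stmt = $db->prepare("select id, pass from ".usertab." where name = :name;");
            if($stmt) {
                $stmt->bindValue(":name",$name,SQLITE3_TEXT);
                $res = $stmt->execute();
                if($res)
                    $row = $res->fetchArray(SQLITE3_ASSOC);
                $stmt->close();
            }
            if($row) {
                $stored = (string)$row["pass"];
                // Rows written before this change hold md5("name:password").
                $legacy = hash_equals($stored,md5($name.":".$pwd));
                if($legacy || password_verify($pwd,$stored)) {
                    // A fresh id on login means an id known before
                    // authentication is never promoted to a logged-in one.
                    session_regenerate_id(true);
                    $sid = session_id();
                    $newpass = $stored;
                    // Upgrade legacy digests transparently on successful login.
                    if($legacy || password_needs_rehash($stored,PASSWORD_DEFAULT))
                        $newpass = password_hash($pwd,PASSWORD_DEFAULT);
                    $stmt = $db->prepare("update ".usertab." set sess = :sess, pass = :pass where id = :id;");
                    if($stmt) {
                        $stmt->bindValue(":sess",$sid,SQLITE3_TEXT);
                        $stmt->bindValue(":pass",$newpass,SQLITE3_TEXT);
                        $stmt->bindValue(":id",intval($row["id"]),SQLITE3_INTEGER);
                        $stmt->execute();
                        $stmt->close();
                    }
                }
            }
            // A failed login redirects silently, as before.
            header("location: ?");
            _finish();
            break;
        case "logout":
            if(!$usr->id) {
                echo ("you need to get in before able to get out smartass\n");
                _finish();
            }
            // intval() keeps the interpolated id numeric.
            $db->exec("update ".usertab." set sess = null where id = '".intval($usr->id)."';");
            // Redirect to the script itself: the Referer header is chosen by
            // the client and may be missing or point to another site.
            header("location: ?");
            _finish();
            break;
        case "join":
            if($usr->id) {
                echo ("you need to get out before able to get in smartass\n");
                _finish();
            }
            $name = $post_field("usr");
            $pwd = $post_field("pwd");
            if($name === "" || $pwd === "") {
                echo ("error, username and password are required\n");
                _finish();
            }
            // The new account is logged in immediately, so it gets a fresh id too.
            session_regenerate_id(true);
            $sid = session_id();
            $stmt = $db->prepare("insert into ".usertab." values(null,:name,:pass,:sess);");
            if($stmt) {
                $stmt->bindValue(":name",$name,SQLITE3_TEXT);
                $stmt->bindValue(":pass",password_hash($pwd,PASSWORD_DEFAULT),SQLITE3_TEXT);
                $stmt->bindValue(":sess",$sid,SQLITE3_TEXT);
            }
            // The unique constraint on name makes the insert fail for duplicates.
            if(!$stmt || !$stmt->execute())
                die("error, possibly the user already exists!\n");
            header("location: ?");
            _finish();
            break;
        case "post":
            if(!$usr->id) {
                echo ("where are you going without an account!\n");
                _finish();
            }
            $stmt = $db->prepare("insert into ".posttab." values(null,:content,:author,:time);");
            if($stmt) {
                $stmt->bindValue(":content",$post_field("content"),SQLITE3_TEXT);
                $stmt->bindValue(":author",intval($usr->id),SQLITE3_INTEGER);
                $stmt->bindValue(":time",time(),SQLITE3_INTEGER);
                $stmt->execute();
                $stmt->close();
            }
            header("location: ?");
            _finish();
            break;
        case "passwd":
            // Not implemented: falls through to the normal page.
            break;
        default:
            echo ("not implemented\n");
            _finish();
            break;
    }
    // handle post
}
// From here on the output is the HTML page.
header("content-type: text/html");
?>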
<html>
<head>
<title>A n00b blog system</title>
<meta charset="utf-8" />
</head>
<body>
<?php if(!$usr->id) { ?>
<h3>Login:</h3>
<datalist id=users >
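<?php
// Fills the username suggestions of the login form.
// NOTE(review): this shows the name of every logged-out account to anonymous
// visitors, which makes password guessing easier - consider dropping the list.
$users = $db->query("select name from ".usertab." where sess is null;") or die("error getting users");
while($u = $users->fetchArray(SQLITE3_NUM)) {
    // Names are chosen by users at registration; ENT_QUOTES is required
    // because the value sits inside a single-quoted attribute.
    echo "<option value='".htmlspecialchars((string)$u[0],ENT_QUOTES,"UTF-8")."' />\n";
}
?>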
</datalist>
<form method=POST action="?action=login">
username: <input type=text name=usr list=users />
password: <input type=password name=pwd />
<br><input type=submit value="login" />
</form>
<hr>
<h3>Register:</h3>
<form method=POST action="?action=join">
username: <input type=text name=usr />
password: <input type=password name=pwd />
<br><input type=submit value="register" />
</form>
<?php }else{ ?>
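<?php
// Name of the logged-in account; it is user-chosen text, so it is escaped
// before being written into the page.
echo htmlspecialchars((string)$db->querySingle("select name from users where id = '".intval($usr->id)."';"),ENT_QUOTES,"UTF-8");
?>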
<a href="?action=logout">logout</a>
<hr>
<form method=POST action="?action=post">
<textarea name="content"
placeholder="type new post" onkeypress="post(event,this)" autofocus ></textarea>
<br><input type=submit value="post" />
</form>
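<?php
//header("refresh: 10");
// Newest post first. The author name comes from a join instead of one extra
// query per post; a post whose author row is missing gets an empty name.
$posts = $db->query("select p.content as content, p.time as time, u.name as name"
    ." from ".posttab." p left join ".usertab." u on u.id = p.author"
    ." order by p.id desc;");
while($posts && ($x = $posts->fetchArray(SQLITE3_ASSOC))) {
    echo "<div class=post >\n";
    echo "<div class=auth >\n";
    // Author names are user-chosen text and must be escaped like the content.
    echo htmlspecialchars((string)$x["name"],ENT_QUOTES,"UTF-8");
    echo " said on ".date("Y-m-d H:i:s",intval($x["time"])).":</div>\n"; // author section end
    echo htmlentities($x["content"],ENT_QUOTES,"UTF-8");
    echo "</div>\n"; // post section end
    echo "<hr>\n";
}
?>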
<?php } ?>
<script>
// Load handler: only writes a marker to the console.
window.onload = function onPageLoaded() {
    console.log("ok");
};
/**
 * Keypress handler of the post textarea: submits the enclosing form when
 * Enter (keyCode 13) is pressed together with Alt or Ctrl.
 */
function post(event,element) {
    if(event.keyCode !== 13)
        return;
    if(!event.altKey && !event.ctrlKey)
        return;
    element.parentNode.submit();
}
</script>
</body>
</html>
<?php
// Normal end of the page: _finish() closes the database, flushes the
// buffered output and exits.
_finish();
?>